
This book constitutes the refereed proceedings of the 35th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2020, held in Maribor, Slovenia, in September 2020. The conference was held virtually due to the COVID-19 pandemic.

The 29 full papers presented were carefully reviewed and selected from 149 submissions. The papers present novel research on theoretical and practical aspects of security and privacy protection in ICT systems. They are organized in topical sections on channel attacks; connection security; human aspects of security and privacy; detecting malware and software weaknesses; system security; network security and privacy; access control and authentication; crypto currencies; privacy and security management; and machine learning and security.

### Leaky Controller: Cross-VM Memory Controller Covert Channel on Multi-core Systems

Abstract
Data confidentiality is put at risk on cloud platforms where multiple tenants share the underlying hardware. As multiple workloads are executed concurrently, conflicts in memory resources occur, resulting in observable timing variations during execution. Malicious tenants can intentionally manipulate the hardware platform to devise a covert channel, enabling them to steal the data of co-residing tenants. This paper presents two new microarchitectural covert channel attacks using the memory controller. The first attack allows a privileged adversary (i.e., process) to leak information in a native environment. The second attack is an extension to cross-VM scenarios for unprivileged adversaries. This work is the first instance of a leakage channel based on the memory controller. As opposed to previous denial-of-service attacks, we manage to modulate the load on the channel scheduler with accuracy. Both attacks are implemented on cross-core configurations. Furthermore, the cross-VM covert channel is successfully tested across three different Intel microarchitectures. Finally, a comparison against state-of-the-art covert channel attacks is provided, along with a discussion on potential mitigation techniques.
Benjamin Semal, Konstantinos Markantonakis, Raja Naeem Akram, Jan Kalbantner

### Evaluation of Statistical Tests for Detecting Storage-Based Covert Channels

Abstract
Individuals and organizations are more aware than ever of the importance and value of preserving the confidentiality and privacy of sensitive information. However, detecting the leakage of sensitive information in networked systems is still a challenging problem, especially when adversaries use covert channels to exfiltrate sensitive information to unauthorized parties. Presently, approaches for detecting timing-based covert channels have been studied more extensively than those for detecting storage-based covert channels. In this paper, we evaluate the effectiveness of a selection of statistical tests for detecting storage-based covert channels. We present the results of several experiments which show that complexity-based tests are effective at detecting storage-based covert channels when information is embedded into network packet header fields that are not expected to follow a particular pattern, such as the IP Identification and Time-to-Live. These results can help to guide the construction of practical detection platforms capable of effectively detecting the leakage of sensitive information via storage-based covert channels.
Thomas A. V. Sattolo, Jason Jaskolka

### IE-Cache: Counteracting Eviction-Based Cache Side-Channel Attacks Through Indirect Eviction

Abstract
Protecting critical information against eviction-based cache side-channel attacks has always been challenging. In these attacks, the attacker reveals secrets by observing cache lines evicted by the co-running applications. A precondition for such attacks is that the attacker needs a set of cache lines mapped to memory addresses belonging to the victim, called an eviction set. The attacker learns the eviction set by loading cache lines at random and then observing their evictions as a result of victim accesses. We have found that the relation between the incoming memory location and the resulting evicted cache line eases the learning of an eviction set. In this paper, we propose Indirect Eviction Cache (IE-Cache), which is based on the principle of indirect eviction to harden the building of an eviction set. In an eviction process of IE-Cache, incoming memory triggers a series of replacements based on the cached memory addresses and a secure-indexing function, and the last replaced cache line is evicted. This increases the set size and introduces non-evicting cache lines in the eviction set. Through experimental results, we have shown that a 4-way set-associative IE-Cache having 1MB and up to 3 replacements per eviction would require an attacker to generate $\approx 2^{59}$ memory accesses to learn an eviction set with 99% confidence. Moreover, it achieves a 1–3% speedup compared to a set-associative cache with a random-replacement policy on PARSEC benchmarks.
Muhammad Asim Mukhtar, Muhammad Khurram Bhatti, Guy Gogniat

### Refined Detection of SSH Brute-Force Attackers Using Machine Learning

Abstract
This paper presents a novel approach to detect SSH brute-force (BF) attacks in high-speed networks. Contrary to host-based approaches, we focus on network traffic analysis to identify attackers. Recent papers describe how to detect BF attacks using pure NetFlow data. However, our evaluation shows significant false-positive (FP) results for the current solution. To overcome the issue of a high FP rate, we propose a machine learning (ML) approach to detection using specially extended IP Flows. The contributions of this paper are a new dataset from a real environment, an experimentally selected ML method that performs with high accuracy and a low FP rate, and an architecture for the detection system. The dataset for training was created using extensive evaluation of captured real traffic, manually prepared legitimate SSH traffic with characteristics similar to BF attacks, and, finally, a packet trace with SSH logs from real production servers.
Karel Hynek, Tomáš Beneš, Tomáš Čejka, Hana Kubátová

### MultiTLS: Secure Communication Channels with Cipher Suite Diversity

Abstract
TLS ensures confidentiality, integrity, and authenticity of communications. However, design, implementation, and cryptographic vulnerabilities can make TLS communication channels insecure. We need mechanisms that allow the channels to be kept secure even when a new vulnerability is discovered.
We present MultiTLS, a middleware based on diversity and tunneling mechanisms that allows keeping communication channels secure even when new vulnerabilities are discovered. MultiTLS creates a secure communication channel through the encapsulation of k TLS channels, where each one uses a different cipher suite. We evaluated the performance of MultiTLS and concluded that it has the advantage of being easy to use and maintain since it does not modify any of its dependencies.
Ricardo Moura, David R. Matos, Miguel L. Pardal, Miguel Correia

### Improving Big Data Clustering for Jamming Detection in Smart Mobility

Abstract
Smart mobility, with its urban transportation services ranging from real-time traffic control to cooperative vehicle infrastructure systems, is becoming increasingly critical in smart cities. These smart mobility services thus need to be very well protected against a variety of security threats, such as intrusion, jamming, and Sybil attacks. One of the most frequently cited attacks in smart mobility is the jamming attack. In order to detect jamming attacks, different anti-jamming applications have been developed to reduce the impact of malicious jamming. One important step in anti-jamming detection is to cluster the vehicular data. However, it is usually very time-consuming to detect, in real time, the jamming attacks that may affect road safety and vehicle communication. Therefore, this paper proposes an efficient big data clustering model, coresets-based clustering, to support the real-time detection of jamming attacks. We validate the model's efficiency and applicability in the context of a typical smart mobility system: the Vehicular Ad-hoc Network, known as VANET.
Hind Bangui, Mouzhi Ge, Barbora Buhnova

### Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining

Abstract
Joakim Kävrestad, Marcus Nohlberg

### Facilitating Privacy Attitudes and Behaviors with Affective Visual Design

Abstract
We all too often must consent to information collection at an early stage of digital interactions, during application sign-up. Paying little attention to privacy policies, we are rarely aware of processing practices. Drawing on multidisciplinary research, we postulate that privacy policies presenting information in a way that triggers affective responses, together with individual characteristics, may influence privacy attitudes. Through an online quasi-experiment ($N=88$), we investigate how affect, illustration type, personality, and privacy concerns may influence end-users’ willingness to disclose information and privacy awareness. Our results partially confirm these assumptions. We found that affect may have an impact on privacy awareness, and stable psychological factors may influence disclosures. We discuss the applicability of our findings in interface design and in future research.
Agnieszka Kitkowska, Yefim Shulman, Leonardo A. Martucci, Erik Wästlund

### Privacy CURE: Consent Comprehension Made Easy

Abstract
Although the General Data Protection Regulation (GDPR) defines several potential legal bases for personal data processing, in many cases data controllers, even when they are located outside the European Union (EU), will need to obtain consent from EU citizens for the processing of their personal data. Unfortunately, existing approaches for obtaining consent, such as pages of text followed by an agreement/disagreement mechanism, are neither specific nor informed. In order to address this challenge, we introduce our Consent reqUest useR intErface (CURE) prototype, which is based on the GDPR requirements and the interpretation of those requirements by the Article 29 Working Party (i.e., the predecessor of the European Data Protection Board). The CURE prototype provides transparency regarding personal data processing, more control via customization, and, based on the results of our usability evaluation, improves user comprehension with respect to what data subjects actually consent to. Although the CURE prototype is based on the GDPR requirements, it could potentially be used in other jurisdictions as well.
Olha Drozd, Sabrina Kirrane

### JavaScript Malware Detection Using Locality Sensitive Hashing

Abstract
In this paper, we explore the idea of using locality sensitive hashes as input features to a feed-forward neural network with the goal of detecting JavaScript malware through static analysis. An experiment is conducted using a dataset containing 1.5M evenly distributed benign and malicious samples provided by the anti-malware company Cyren. Four different locality sensitive hashing algorithms are tested and evaluated: Nilsimsa, ssdeep, TLSH, and SDHASH. The results show a high prediction accuracy, as well as low false positive and false negative rates. These results show that LSH-based neural networks are a competitive option against other state-of-the-art JavaScript malware classification solutions.
Stefan Carl Peiser, Ludwig Friborg, Riccardo Scandariato

### RouAlign: Cross-Version Function Alignment and Routine Recovery with Graphlet Edge Embedding

Abstract
Reverse engineering is labor-intensive work to understand the inner implementation of a program, and is necessary for malware analysis, vulnerability hunting, etc. Cross-version function identification and subroutine matching would greatly free up manpower by indicating the known parts coming from different binary programs. Existing approaches mainly focus on function recognition, ignoring the recovery of the relationships between functions, which makes it hard for researchers to locate the calling routine they are interested in.
In this paper, we propose a method using graphlet edge embedding to abstract high-level topology features of function call graphs and recover the relationships between functions. With the recovery of function relationships, we reconstruct the calling routine of the program and then infer the specific functions in it. We implement a prototype model called RouAlign, which can automatically align the trunk routine of assembly code. We evaluated RouAlign on 65 groups of real-world programs, with over two million functions. RouAlign outperforms state-of-the-art binary comparison solutions by over 35%, with a high precision of 92% on average in pairwise function recognition.
Can Yang, Jian Liu, Mengxia Luo, Xiaorui Gong, Baoxu Liu

### Code Between the Lines: Semantic Analysis of Android Applications

Abstract
Static and dynamic program analysis are the key concepts researchers apply to uncover security-critical implementation weaknesses in Android applications. As it is often not obvious in which context problematic statements occur, it is challenging to assess their practical impact. While some flaws may turn out to be bad practice but not undermine the overall security level, others could have a serious impact. Distinguishing them requires knowledge of the designated app purpose.
In this paper, we introduce a machine learning-based system that is capable of generating natural language text describing the purpose and core functionality of Android apps based on their actual code. We design a dense neural network that captures the semantic relationships of resource identifiers, string constants, and API calls contained in apps to derive a high-level picture of implemented program behavior. For arbitrary applications, our system can predict precise, human-readable keywords and short phrases that indicate the main use-cases apps are designed for.
We evaluate our solution on 67,040 real-world apps and find that with a precision between 69% and 84% we can identify keywords that also occur in the developer-provided description in Google Play. To avoid incomprehensible black box predictions, we apply a model explaining algorithm and demonstrate that our technique can substantially augment inspections of Android apps by contributing contextual information.
Johannes Feichtner, Stefan Gruber

### IMShell-Dec: Pay More Attention to External Links in PowerShell

Abstract
Windows provides the PowerShell command-line shell as a substitute for the traditional CMD. However, it is often utilized by attackers to compromise victims because of its versatile functionality. In this paper, we investigate an attack combining PowerShell and image steganography. Compared with the traditional method, this attack can deceive the defender by hiding its malicious contents in benign images. To effectively detect this attack, we propose a framework, IMShell-Dec, whose main target is to check external links before the execution of a PowerShell script. IMShell-Dec trains a machine learning classifier with image examples, where the features are generated by merging the histograms of the three image color channels. Then IMShell-Dec examines the script by tracking and classifying the related images. The detector achieves more than 95% precision on 9,589 high-definition images.
RuiDong Han, Chao Yang, JianFeng Ma, Siqi Ma, YunBo Wang, Feng Li

### Secure Attestation of Virtualized Environments

Abstract
Securing the integrity of virtualized environments like clouds is challenging yet feasible. Operators have discovered the advantages of virtualization technology in terms of flexibility, scalability, cost-effectiveness, and availability. Applications range from network and embedded devices to big data centers and cloud computing. Trusted Computing technology can be employed to protect the integrity of a system by leveraging a Trusted Platform Module (TPM) and remote attestation.
Existing research on remote attestation of virtualized environments differs in scalability, resource consumption, and provided security guarantees. While some approaches scale at large and use the TPM efficiently, they are far more intrusive, requiring changes to the hypervisor and Virtual Machines (VMs). Others become entirely impractical with an increasing number of VMs, caused by the TPM being the bottleneck.
In this paper we analyze existing work on remote attestation for virtualized environments and discuss benefits as well as shortcomings. We identify an approach that provides adequate security and is easy to implement but is prone to relay attacks. We improve that approach by developing countermeasures, while maintaining existing security guarantees. Our contribution requires only minimal changes to the hypervisor system, keeping existing attestation protocols intact. We implement and evaluate on production-grade hardware, and compare our improved attestation approach with the most sophisticated alternative approach.
With performance measurements and further evaluations we show that our solution outperforms the other approach for a small number of VMs, as used in network devices and embedded systems.
Michael Eckel, Andreas Fuchs, Jürgen Repp, Markus Springer

### Security and Performance Implications of BGP Rerouting-Resistant Guard Selection Algorithms for Tor

Abstract
Tor is the most popular anonymization system with millions of daily users and, thus, an attractive target for attacks, e.g., by malicious autonomous systems (ASs) performing active routing attacks to become a man in the middle and deanonymize users. It was shown that the number of such malicious ASs is significantly larger than previously expected due to the lack of security guarantees in the Border Gateway Protocol (BGP). In response, recent works suggest alternative Tor path selection methods preferring Tor nodes with higher resilience to active BGP attacks.
In this work, we analyze the implications of such proposals. We show that Counter-RAPTOR and DPSelect are not as secure as thought before: for particular users they allow for leakage of the user’s location. DPSelect is not as resilient as widely accepted, as we show that it achieves only one third of its originally claimed resilience and, hence, does not protect users from routing attacks. We reveal the performance implications of both methods and identify scenarios where their usage leads to significant performance bottlenecks. Finally, we propose a new metric to quantify the user’s location leakage by path selection. Using this metric and performing a large-scale analysis, we show to which extent a malicious middle can fingerprint the user’s location and what kind of confidence it can achieve. Our findings shed light on the implications of path selection methods on users’ anonymity and the need for further research.
Asya Mitseva, Marharyta Aleksandrova, Thomas Engel, Andriy Panchenko

### Actively Probing Routes for Tor AS-Level Adversaries with RIPE Atlas

Abstract
Tor provides anonymity to millions of users around the globe, which has made it a valuable target for malicious actors. As a low-latency anonymity system, it is vulnerable to traffic correlation attacks from strong passive adversaries, such as large autonomous systems. Estimations of the risk posed by such attackers as well as the evaluation of defense strategies are mostly based on simulations and data retrieved from BGP updates. However, this might only provide an incomplete view of the network and thereby influence the results of such analyses. It has already been acknowledged in previous studies that direct path measurements, e.g. with traceroute, could provide valuable information. But in the past, such measurements were thought to be impossible, because they require the placement of measurement nodes in the same ASes as the respective Tor network nodes. With the rise of new technologies and methodologies, this assumption needs to be re-evaluated.
In this paper we present a novel methodology to utilize the RIPE Atlas framework, a network of more than 10,000 probes worldwide, to actively perform traceroute commands from and to Tor guard and exit relays to clients and destinations. Based on multiple global scans our results validate previous results and show the large influence on Tor posed by a limited set of ASes. These are in a strong position to carry out effective correlation attacks on Tor traffic. With this work, we provide an additional source of information that can be used together with BGP route information to increase the accuracy of future models and simulations of Tor and ultimately improve anonymity on the Internet.
Wilfried Mayer, Georg Merzdovnik, Edgar Weippl

### Zeek-Osquery: Host-Network Correlation for Advanced Monitoring and Intrusion Detection

Abstract
Intrusion Detection Systems (IDSs) can analyze network traffic for signs of attacks and intrusions. However, encrypted communication limits their visibility, and sophisticated attackers additionally try to evade their detection. To overcome these limitations, we extend the scope of Network IDSs (NIDSs) with additional data from the hosts. For that, we propose the integrated open-source zeek-osquery platform that combines the Zeek IDS with the osquery host monitor. Our platform can collect, process, and correlate host and network data at large scale, e.g., to attribute network flows to processes and users. The platform can be flexibly extended with custom detection scripts using already correlated, but also additional and dynamically retrieved, host data. A distributed deployment enables it to scale with an arbitrary number of osquery hosts. Our evaluation results indicate that a single Zeek instance can manage more than 870 osquery hosts and can attribute more than 96% of TCP connections to host-side applications and users in real time.
Steffen Haas, Robin Sommer, Mathias Fischer

### Revisiting Security Vulnerabilities in Commercial Password Managers

Abstract
In this work we analyse five popular commercial password managers for security vulnerabilities. Our analysis is twofold. First, we compile a list of previously disclosed vulnerabilities through a comprehensive review of the academic and non-academic sources and test each password manager against all the previously disclosed vulnerabilities. We find a mixed picture of fixed and persisting vulnerabilities. Then we carry out systematic functionality tests on the considered password managers and find four new vulnerabilities. Notably, one of the new vulnerabilities we identified allows a malicious app to impersonate a legitimate app to two out of five widely-used password managers we tested and as a result steal the user’s password for the targeted service. We implement a proof-of-concept attack to show the feasibility of this vulnerability in a real-life scenario. Finally, we report and reflect on our experience of responsible disclosure of the newly discovered vulnerabilities to the corresponding password manager vendors.
Michael Carr, Siamak F. Shahandashti

### Evaluation of Risk-Based Re-Authentication Methods

Abstract
Risk-based Authentication (RBA) is an adaptive security measure that improves the security of password-based authentication by protecting against credential stuffing, password guessing, or phishing attacks. RBA monitors extra features during login and requests an additional authentication step if the observed feature values deviate from the usual ones in the login history. In state-of-the-art RBA re-authentication deployments, users receive an email with a numerical code in its body, which must be entered on the online service. Although this procedure has a major impact on RBA’s time exposure and usability, these aspects have not been studied so far. We introduce two RBA re-authentication variants supplementing the de facto standard with a link-based and another code-based approach. Then, we present the results of a between-group study (N = 592) to evaluate these three approaches. Our observations show with significant results that there is potential to speed up the RBA re-authentication process without reducing either its security properties or its security perception. The link-based re-authentication via “magic links”, however, makes users significantly more anxious than the code-based approaches when perceived for the first time. Our evaluations underline the fact that RBA re-authentication is not a uniform procedure. We summarize our findings and provide recommendations.
Stephan Wiefling, Tanvi Patil, Markus Dürmuth, Luigi Lo Iacono

### Fuzzy Vault for Behavioral Authentication System

Abstract
A fuzzy vault encrypts a message using fuzzy data, such as a user’s biometric data, as the vault key. A fuzzy vault can be used to protect users’ cryptographic keys in smart cards and inside applications. We consider a fuzzy vault based on behavioral data. A behavioral profile of a user consists of a set of features that collectively authenticate the user. Compared to a biometric vault, a behavioral vault has the advantages of being revocable and less privacy sensitive. Fuzzy vaults for behavioral data, however, introduce significant challenges, including feature representation and feature matching algorithms that can provide the required correctness, security, and efficiency. We design and analyze a fuzzy vault based on the user’s behavioral data that employs a novel soft-decision decoding algorithm and implement our design for two behavioral authentication (BA) systems. Our approach is general and can be used for other BA systems. We discuss our results and directions for future research.
Md Morshedul Islam, Reihaneh Safavi-Naini

### Improvements of the Balance Discovery Attack on Lightning Network Payment Channels

Abstract
The Lightning Network (LN) is a network of micropayment channels that runs on top of Bitcoin. The balances of payment channels are not broadcast to the LN network, to preserve the privacy of the nodes participating in the network. A balance disclosure attack (BDA) has been proven to be successful in determining the balance of large numbers of channels in the network. In this paper we propose an improved algorithm for the BDA as well as a new type of attack that leverages the differences between LN client software implementations. Our improved algorithm extends the original BDA by performing payments from both sides of the channel. The new attack uses malformed payments to shut down payment channels an adversary is not part of.
Gijs van Dam, Rabiah Abdul Kadir, Puteri N. E. Nohuddin, Halimah Badioze Zaman

### CCBRSN: A System with High Embedding Capacity for Covert Communication in Bitcoin

Abstract
Covert communication has been used to prevent confidential information from being leaked to an unintended receiver. In this paper, we present a general-purpose novel methodology for blockchain-based covert communication system design to be used in the Bitcoin environment. Blockchain is a distributed system which combines a P2P network, a consensus protocol, and encryption algorithms to realize the first reliable cryptocurrency system, Bitcoin. Owing to the high security and convenient access of this technology, many applications based on Blockchain, such as smart contracts and distributed cloud storage, have been developed. However, in the field of covert communication, little research has been applied to Blockchain. Therefore, in this paper, we propose a system called Covert Communication based on Bitcoin Regtest Self-built Network (CCBRSN), which takes Blockchain as a covert communication channel and embeds encrypted messages into Blockchain addresses for transmission. In this model, users can transmit covert messages to each other via Blockchain quickly. Finally, we provide an experimental analysis of our proposal to show that it is suitable for practical application.
Weizheng Wang, Chunhua Su

### Privacy-Friendly Monero Transaction Signing on a Hardware Wallet

Abstract
Keeping cryptocurrency spending keys safe and being able to use them when signing a transaction is a well-known problem, addressed by hardware wallets. Our work focuses on a transaction signing process for the privacy-centric cryptocurrency Monero on hardware wallets. We designed, implemented, and analyzed a privacy-preserving transaction signing protocol that runs on a hardware wallet and protects the spending keys. Moreover, we also implemented a privacy-preserving multi-party version of the Bulletproof zero-knowledge prover algorithm, which runs on a hardware wallet with constant memory. We present the protocols and evaluate their performance on a real hardware wallet.
Dusan Klinec, Vashek Matyas

### A Matter of Life and Death: Analyzing the Security of Healthcare Networks

Abstract
Healthcare Delivery Organizations (HDOs) are complex institutions where a broad range of devices are interconnected. This inter-connectivity brings security concerns, and we are observing an increase in the number and sophistication of cyberattacks on hospitals. In this paper, we explore the current status of network security in HDOs and identify security gaps via a literature study and two observational studies. We first use the literature study to derive a typical network architecture and the threats relevant to HDOs. Then, in the first observational study, we analyze data from 67 HDOs to highlight the challenges they face with regard to device security and management. The second study leverages the network traffic from 5 HDOs in order to point out a number of concrete observations which depict how patient data can be exposed and how cyber-physical attacks could impact patient health. Finally, we offer in this paper a starting point for securing HDOs’ networks.
Guillaume Dupont, Daniel Ricardo dos Santos, Elisa Costante, Jerry den Hartog, Sandro Etalle

### Establishing a Strong Baseline for Privacy Policy Classification

Abstract
Digital service users are routinely exposed to Privacy Policy consent forms, through which they enter contractual agreements consenting to the specifics of how their personal data is managed and used. Nevertheless, despite renewed importance following legislation such as the European GDPR, a majority of people still ignore policies due to their length and complexity. To counteract this potentially dangerous reality, in this paper we present three different models that are able to assign pre-defined categories to privacy policy paragraphs, using supervised machine learning. In order to train our neural networks, we exploit a dataset containing 115 privacy policies defined by US companies. An evaluation shows that our approach outperforms the state of the art by 5% over comparable and previously reported F1 values. In addition, our method is completely reproducible, since we provide open access to all resources. Given these two contributions, our approach can be considered a strong baseline for privacy policy classification.
Najmeh Mousavi Nejad, Pablo Jabat, Rostislav Nedelchev, Simon Scerri, Damien Graux

### Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach

Abstract
Ensuring data confidentiality and integrity are key concerns for information security professionals, who typically have to obtain and integrate information from multiple sources to detect unauthorized data modifications and transmissions. The instrumentation that operating systems provide for the monitoring of file system level activity can yield important clues on possible data tampering and exfiltration activity but the raw data that these tools provide is difficult to interpret, contextualize and query. In this paper, we propose and implement an architecture for file system activity log acquisition, extraction, linking and storage that leverages semantic techniques to tackle limitations of existing monitoring approaches in terms of integration, contextualization, and cross-platform interoperability. We illustrate the applicability of the proposed approach in both forensic and monitoring scenarios and conduct a performance evaluation in a virtual setting.
Kabul Kurniawan, Andreas Ekelhart, Fajar Ekaputra, Elmar Kiesling

### A Correlation-Preserving Fingerprinting Technique for Categorical Data in Relational Databases

Abstract
Fingerprinting is a method of embedding a traceable mark into digital data, to verify the owner and identify the recipient to whom a particular copy of a data set has been released. This is crucial when releasing data to third parties, especially if it involves a fee, or if the data is of a sensitive nature, in which case further sharing and leaks should be discouraged and deterred. Fingerprinting and watermarking are well explored in the domain of multimedia content, such as images, video, or audio.
The domain of relational databases has been explored specifically for numerical data types, for which most state-of-the-art techniques are designed. However, many datasets also, or even exclusively, contain categorical data.
We therefore propose a novel approach for fingerprinting categorical data, focusing on preserving the semantic relations between attributes, and thus limiting the perceptibility of the marks and the effects of the fingerprinting on data quality and utility. We evaluate the utility, especially for machine learning tasks, as well as the robustness of the fingerprinting scheme, by experiments on benchmark data sets.
Tanja Sarcevic, Rudolf Mayer

### FDFtNet: Facing Off Fake Images Using Fake Detection Fine-Tuning Network

Abstract
Creating fake images and videos such as “Deepfakes” has become much easier these days due to advances in Generative Adversarial Networks (GANs). Moreover, recent research such as few-shot learning can create highly realistic personalized fake images from only a few images. Therefore, the threat of Deepfakes being used for a variety of malicious purposes, such as propagating fake images and videos, has become prevalent, and detecting these machine-generated fake images has become more challenging than ever.
In this work, we propose a light-weight, robust fine-tuning neural network-based classifier architecture called Fake Detection Fine-tuning Network (FDFtNet), which is capable of detecting many of the new fake face image generation models, and can be easily combined with existing image classification networks and fine-tuned on a few datasets. In contrast to many existing methods, our approach aims to reuse popular pre-trained models with only a few images for fine-tuning to effectively detect fake images. The core of our approach is an image-based self-attention module called the Fine-Tune Transformer, which uses only the attention module and the down-sampling layer. This module is added to the pre-trained model and fine-tuned on a small amount of data to search for new feature spaces in which fake images can be detected. We experiment with our FDFtNet on a GAN-based dataset (Progressive Growing GAN) and Deepfake-based datasets (Deepfake and Face2Face) with a small input image resolution of 64×64 that complicates detection. Our FDFtNet achieves an overall accuracy of 90.29% in detecting fake images generated from the GAN-based dataset, outperforming the state of the art.
Hyeonseong Jeon, Youngoh Bang, Simon S. Woo

### Escaping Backdoor Attack Detection of Deep Learning

Abstract
Malicious attacks have become a top concern in the field of deep learning (DL) because they keep threatening the security and safety of applications where DL models are deployed. The backdoor attack, an emerging one among these malicious attacks, attracts a lot of research attention on detecting it because of its severe consequences. The latest backdoor detection methods have made great progress by reconstructing backdoor triggers and performing the corresponding outlier detection. Although they are effective on existing triggers, they still fall short of detecting the stealthy ones proposed in this work. The new triggers of our backdoor attack can generally be inserted into DL models in a hidden and reconstruction-resistant manner. We evaluate our attack against two state-of-the-art detection methods on three different data sets, and demonstrate that our attack is able to successfully insert target backdoors and also escape detection. We hope our design sheds some light on how backdoor detection should be advanced along this line in the future.
Yayuan Xiong, Fengyuan Xu, Sheng Zhong, Qun Li